version: '3.9'
services:
  # Database
  database:
    image: mariadb:latest
    container_name: database
    profiles:
      - database
    restart: on-failure
    volumes:
      - database:/var/lib/mysql:rw
    env_file:
      - env/mariadb.env
    environment:
      MYSQL_DATABASE: blog_wp
    command: '--default-authentication-plugin=mysql_native_password'
    networks:
      - blog-network
    security_opt:
      - no-new-privileges:true

  # Wordpress
  wordpress:
    image: wordpress:fpm
    container_name: wordpress
    profiles:
      - wordpress
    restart: on-failure
    depends_on:
      - database
    env_file:
      - env/wordpress.env
    volumes:
      - ./php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
      - wordpress:/var/www/html:rw
    networks:
      - blog-network
    security_opt:
      - no-new-privileges:true

  # Webserver
  caddy:
    image: caddy:alpine
    container_name: webserver
    profiles:
      - webserver
    restart: on-failure
    ports:
      - 80:80
      - 443:443
    volumes:
      - wordpress:/var/www/html:rw
      - caddy_data:/data:rw
      - caddy_config:/config:rw
      - ./caddy:/etc/caddy:ro
    networks:
      - blog-network
    security_opt:
      - no-new-privileges:true

  # Adminer
  adminer:
    image: adminer:latest
    container_name: adminer
    profiles:
      - adminer
    restart: on-failure
    env_file: 
      - env/adminer.env
    depends_on:
      - database
    networks:
      - blog-network
    security_opt:
      - no-new-privileges:true
#      - seccomp:unconfined
#      - apparmor:unconfined
#    cap_drop:
#      - ALL
#    cap_add:
#      - CHOWN

networks:
  blog-network:
    driver: bridge
    name: blog-network

volumes:
  database:
    name: database
  wordpress:
    name: wordpress
  caddy_data:
    name: caddy_data
  caddy_config:
    name: caddy_config